As with every other jurisdiction, a company incorporated and operating in Nigeria is required by law to satisfy a number of administrative and legal compliance requirements. Thus, it is efficient for companies to constantly stay abreast of the compliance requirements applicable to them. In this article, we highlight the regulatory compliance checklist for Nigerian companies.
Get Started with AutoComply to automate your compliance and corporate governance processes
Compliance Checklist for Nigerian Companies
| Regulatory body | Details | Timeline | Penalty |
| Corporate Affairs Commission (CAC) | In charge of business registration for all types of businesses in Nigeria. Companies are required to file annual returns yearly. | File annual returns within 18 months of incorporation of the company in Nigeria and subsequently on an annual basis. | N3,000 or N5,000 fine for each year of non-compliance depending on whether the company is a small or large company. |
| Federal Inland Revenue Service (FIRS) | A company is required to pay a raft of taxes including companies income tax, Value Added Tax (VAT), and other taxes as applicable. a. Within 18 months of incorporation, and subsequently on or before 30th June of every year, file CIT; and b. On or before the 21st day of every month, remit VAT monthly to the FIRS. | Companies are required to remit the withheld value-added tax (VAT) on or before the 21st day of every month. | a. N25,000 for the first month and N5,000 for each subsequent month; for CIT b. 5,000 for every month of default; for VAT |
| Permits and Licenses (CBN, FCCPC, SEC, NAFDAC, etc) | Regulation of specific permits and licenses; to be obtained from the relevant regulatory bodies for the industry. For example, if a company has been set up to run a restaurant, it would require a Good Hygiene Practice Licence from the National Agency for Food and Drug Administration and Control (NAFDAC) | Timelines vary per regulatory body) | Penalties vary per regulatory body |
| Nigeria Data Protection Regulation (NDPR) 2019 | Nigerian companies have a legal obligation to protect the personal data of employees and customers. If the company collects personal data from customers or employees, then such a company should comply with the data protection compliance requirements | A company that controls the data of over 2000 Data Subjects is required to file a summary of its data protection audit to the Nigerian Data Protection Bureau on an annual basis. | An administrative order, imposition of fines, or even prosecution |
| Federal Ministry of Industry, Trade and InvestmentsTrademarks Act, Cap T13, Laws of the Federation of Nigeria | Protection of brands and IP. Regulates how brands register their intangible assets which include: brand names and marks; patents; and copyrights | Trademark registrations are valid for 7 years and renewable subsequently every 14 years. | You could lose ownership of your brand identity |
1. Incorporation
The first compliance requirement for any entity seeking to operate as a company in Nigeria is to incorporate the business as a company with the Corporate Affairs Commission (CAC). This process involves selecting and securing a name, completing the necessary registration forms, and paying the registration fees.
Within 18 months of the company’s Nigerian incorporation, and then every year after that, such a company is required to submit their annual returns to the CAC or be liable to a fine for failure to do so.
2. Permits & Licences
The company should ensure to obtain necessary permits and licenses relevant to the sector/ industry in which such a company operates. Such specific permits and licenses are to be obtained from the relevant regulatory bodies for the industry. For example, if a company has been set up to run a restaurant, it would require a Good Hygiene Practice Licence from the National Agency for Food and Drug Administration and Control, while a fintech startup would require a license either from the Central Bank of Nigeria (CBN), the Federal Competition and Consumer Protection Commission, the Securities and Exchange Commission or other relevant regulatory agencies.
3. Tax
A company has a variety of tax compliance requirements under Nigerian law. The company is required to obtain a tax identification number (TIN). All businesses in Nigeria are required to have a TIN, which is issued by the Federal Inland Revenue Service (FIRS) and the Joint Tax Board (JTB). This enables you to pay taxes and carry out other tax-related activities.
The company should also ensure to comply with tax laws and tax payment obligations. A company is required to pay a raft of applicable taxes, including companies income tax, value-added tax (VAT), and other taxes as may be applicable. It will also need to file tax returns and keep accurate records of business transactions. Under the Companies Income Tax (CIT) Act, companies are required to pay CIT at the rate of 30% per annum over their taxable profits. Companies are also required to remit the withheld value-added tax (VAT) on or before the 21st day of every month.
4. Data Protection
Nigerian companies have a legal obligation to protect the personal data of employees and customers. If the company collects personal data from customers or employees, then such a company should comply with the data protection compliance requirements under the Nigerian Data Protection Regulation (NDPR) 2019. The compliance obligations under the NDPR include: obtaining consent for data collection; ensuring the security of data; providing individuals with access to their personal data; and making use of the data collected for legitimate and lawful purposes only. The NDPR specifies the bases for lawful processing of personal data collected.
Failure to comply may result in investigations by the National Information Technology Development Agency (NITDA), the making of an administrative order, imposition of fines, or even prosecution. A company that controls the data of over 2000 Data Subjects is required to file a summary of its data protection audit to the Nigerian Data Protection Bureau on an annual basis.
5. Employment Laws
The company should comply with laws regulating their relationship with their employees, including minimum wage laws, employee compensation laws, Immigration Act 2015, Trade Unions Act, Factories Act, National Housing Fund Act, Industrial Training Fund Act, and other labour/labour-related laws.
6. General Compliance Requirements
Companies are also required to ensure adherence to some general compliance obligations, such as compliance with environmental laws or advertising laws. Depending on the nature of the company’s business, it may be required to comply with environmental laws and regulations. For example, if it operates in the manufacturing sector, it may need to obtain environmental permits and comply with waste disposal regulations.
Similarly, companies are required to comply with advertising laws where they choose to advertise their products or services. These include truth in advertising and unfair competition laws.
7. Corporate Governance
Nigerian law also requires the company to adhere to corporate governance best practices. This helps to ensure the company is run properly. Some corporate governance requirements can be found under the principal company law – the Companies and Allied Matters Act (CAMA) 2020.
For example, under the CAMA, the Board of Directors generally exercise management powers in the company, while some corporate decisions cannot be taken without the members in general meeting (such as a change of the name of the company, change of business/ objects, capital increase, reduction of capital, etc.).
Others can be found in corporate governance codes such as the Nigerian Code of Corporate Governance; 2018 (NCCG); the Code Of Corporate Governance for Public Companies (CCGPC) 2011; Code of Corporate Governance for Banks and Discount Houses in Nigeria 2014; Code of Corporate Governance for the Telecommunication Industry 2016; and the Code of Good Corporate Governance for Insurance Industry in Nigeria 2009. Where applicable, these codes should be complied with.
8. Industry-Specific Regulations
Companies should also be sure to comply with industry-specific regulations: Depending on the industry you operate in, you may need to comply with specific regulations. For instance, if the company operates in the telecommunications sector, it should comply with regulations set by the Nigerian Communications Commission (NCC).
Compliance with regulatory requirements is a crucial aspect of any business, but it can often be overwhelming and time-consuming. We at Norebase are aware of these difficulties and will assist you in achieving all obligations listed in the regulatory compliance checklist for Nigerian companies. Click here to get started.
Get Started with AutoComply to automate your compliance and corporate governance processes
2 thoughts on “Regulatory Compliance Checklist For Nigerian Companies”